LDAP Authentication Filter \ Usage


I am trying to set up LDAP authentication with our AD environment.

```
basicAuthentication.enabled=true
#basicAuthentication.realm="Kafka-Manager"
#basicAuthentication.username="admin"
#basicAuthentication.password="password"
basicAuthentication.excluded=["/api/health"] # ping the health of your instance without authentification

basicAuthentication.ldap.enabled=true
basicAuthentication.ldap.server="ad-server.domain.local"
basicAuthentication.ldap.port=389
basicAuthentication.ldap.username="CN=Kafka Service,OU=Kafka,OU=Prod,OU=Service,DC=Domain,DC=local"
basicAuthentication.ldap.password="password"
basicAuthentication.ldap.search-base-dn="dc=domain,dc=local"
basicAuthentication.ldap.connection-pool-size=10
basicAuthentication.ldap.ssl=false
```

For the search filter (which I think is where my issue is), I've tried a few different ways:

```
basicAuthentication.ldap.search-filter="(uid=$capturedLogin$)"
basicAuthentication.ldap.search-filter="CN=Kafka Admins,OU=Groups,OU=Prod,OU=Service,DC=Domain,DC=local"
basicAuthentication.ldap.search-filter="(&(cn=%u)(memberOf=CN=Kafka Admins,OU=Groups,OU=Prod,OU=Service,DC=Domain,DC=local))"
```

No matter what I try I end up in a login loop (no error), and I do not believe it is querying the account from the group in the search filter properly. I've enabled DEBUG logging and it does not output anything at all.

I also feel like there should be a setting for me to associate the sAMAccountName or userPrincipalName from the user's attributes.

Thanks for any help here!

Issue Analytics

  • State: open
  • Created 4 years ago
  • Comments: 10

Top GitHub Comments

1 reaction
atharvai commented, Aug 18, 2020

I'm using v3.0.0.5 and this still doesn't work. It also would be nice if the logs printed out errors for LDAP. Is there a version where group filter works and prints error logs?

0 reactions
yumupdate commented, Jul 7, 2022

Hi,

Don't know if it could help, but after 1 day of struggle with LDAP I'm finally able to restrict access to a group named kafka-manager in FreeIPA LDAP on CentOS:

```
basicAuthentication.ldap.enabled=true
basicAuthentication.ldap.server="server.domain.local"
basicAuthentication.ldap.port=389
basicAuthentication.ldap.username="uid=admin,cn=users,cn=compat,dc=domain,dc=local"
basicAuthentication.ldap.password="******"
basicAuthentication.ldap.search-base-dn="dc=domain,dc=local"
basicAuthentication.ldap.search-filter="(&(uid=$capturedLogin$)(memberOf=cn=kafka-manager,cn=groups,cn=accounts,dc=domain,dc=local))"
basicAuthentication.ldap.connection-pool-size=10
basicAuthentication.ldap.ssl=false
```

For Windows Active Directory, replace `uid=$capturedLogin$` by `sAMAccountName=$capturedLogin$`.

Thank you! `sAMAccountName=$capturedLogin$` worked for me.
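The search-filter values tried in this thread can be checked offline before they go into the config. The sketch below is an added example, not code from the issue or from the project: it evaluates each filter against a constructed AD-style entry. Assumptions: `$capturedLogin$` is replaced by the typed login, the login is escaped per RFC 4515 (the page does not say whether the tool does this), and the hypothetical user `jdoe` has `sAMAccountName` but no `uid`; only AND and equality are evaluated.

```python
import re

PLACEHOLDER = "$capturedLogin$"  # token seen in the search-filter values above
GROUP = "CN=Kafka Admins,OU=Groups,OU=Prod,OU=Service,DC=Domain,DC=local"
# Constructed AD-style entry: sAMAccountName is set, uid is not (assumption).
AD_USER = {"cn": ["Jane Doe"], "samaccountname": ["jdoe"], "memberof": [GROUP]}

def escape_filter_value(value):
    """RFC 4515 escaping so \\ * ( ) and NUL in a login stay literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def render(template, login):
    """Assumed behaviour: the placeholder is replaced by the typed login."""
    return template.replace(PLACEHOLDER, escape_filter_value(login))

def _parse(s):
    """Parse the subset used on this page: (&...) and (attr=value)."""
    if not s.startswith("("):
        raise ValueError("a filter must be parenthesised: %r" % s)
    if s[1:2] == "&":
        kids, s = [], s[2:]
        while s.startswith("("):
            kid, s = _parse(s)
            kids.append(kid)
        if not s.startswith(")"):
            raise ValueError("unbalanced parentheses")
        return ("and", kids), s[1:]
    end = s.index(")")  # raises ValueError when the closing paren is missing
    attr, _, value = s[1:end].partition("=")
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m[1], 16)), value)
    return ("eq", attr.strip().lower(), value), s[end + 1:]

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive equality)."""
    if node[0] == "and":
        return all(matches(kid, entry) for kid in node[1])
    return any(v.lower() == node[2].lower() for v in entry.get(node[1], []))

def check(template, login, entry=AD_USER):
    """True/False for match/no match, None when the filter is malformed."""
    try:
        node, rest = _parse(render(template, login).strip())
        return matches(node, entry) if not rest else None
    except ValueError:
        return None

if __name__ == "__main__":
    ad = "(&(sAMAccountName=$capturedLogin$)(memberOf=" + GROUP + "))"
    for f in ("(uid=$capturedLogin$)", GROUP, "(&(cn=%u)(memberOf=" + GROUP + "))", ad):
        print(check(f, "jdoe"), f)
```

Against this entry the `uid` filter and the `%u` filter find nothing, the bare group DN is rejected as malformed because it is not a parenthesised filter, and only the `sAMAccountName` form matches.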
